Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes started blocking 239.255.255.250 repeatedly this morning, help!


  • Please log in to reply
27 replies to this topic

#1 amjamm

amjamm

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:49 AM

Posted 02 March 2017 - 09:20 AM

This morning Malwaerbytes Premium started blocking this this morning, repeatedly, on multiple ports, i.e.

 

Malicious Website Protection, IP, 239.255.255.250, 60075, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

Help!



BC AdBot (Login to Remove)

 


#2 Daylu

Daylu

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 02 March 2017 - 09:30 AM

I'm getting the same thing, but different ports, and sometimes from svchost.exe. My Google Fu is failing me.



#3 Mamontt

Mamontt

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 02 March 2017 - 09:31 AM

I have just started getting the same issue: 239.255.255.250 to different ports, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.



#4 JustinCO

JustinCO

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 02 March 2017 - 09:32 AM

Disabling extensions didn't stop it.  Must be something in Chrome.

 

Did we just get an update or something?  I'm on 56.0.2924.87.


Edited by JustinCO, 02 March 2017 - 09:34 AM.


#5 giobooo

giobooo

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 02 March 2017 - 09:34 AM

Same problem here.



#6 Russd22

Russd22

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 02 March 2017 - 09:41 AM

Me too... MBAM has been a bit buggy for me since I upgraded to v3.0, so maybe its related to that.

 

Chrome Version: 56.0.2924.87

Malwarebytes Premium: 3.0.6.1469


Edited by Russd22, 02 March 2017 - 09:44 AM.


#7 bikerwiley

bikerwiley

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:49 AM

Posted 02 March 2017 - 09:43 AM

It has to do with Chrome or more specifically a Chrome extension/plugin.

Switch to Firefox and the problem quit immediately



#8 cobraman

cobraman

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 02 March 2017 - 09:44 AM

For me the same, multiple ports on this IP, outgoing all from Chrome

(svchost (LocalServiceAndNoImporsonation) is recieving some info from this IP)

I allready did a clean re-install of Chrome with no effect.


Edited by cobraman, 02 March 2017 - 09:45 AM.


#9 JustinCO

JustinCO

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 02 March 2017 - 09:45 AM

It has to do with Chrome or more specifically a Chrome extension/plugin.

Switch to Firefox and the problem quit immediately

Disabling extensions doesn't solve the problem.  But you're right on the money that the problem is only with Chrome.


Edited by JustinCO, 02 March 2017 - 09:46 AM.


#10 DonkeyKong

DonkeyKong

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 02 March 2017 - 09:45 AM

Same



#11 Panderine

Panderine

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 02 March 2017 - 09:46 AM

Yes, It started for me too this morining disabling the "media router" in chrome seems to fix the sending of packets. dunno why this started showing today. Must be something from MW update because chrome didn't upgraded for me also running x64 56.0.2924.87

 

MW premium 3.0.6.1458

component package version 1.0.49

update package version : 1.0.1403 

 

Media router is responsible of "casting" tabs from chrome to other devices (like chromecast). To disable it:

 

In Chrome, copy the following address into the URL bar:chrome://flags/#enable-media-router. Click Disable under “Enable Media Router.”


Edited by Panderine, 02 March 2017 - 09:47 AM.


#12 org_will

org_will

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 02 March 2017 - 09:50 AM

We are having this issue too, but it's Skype and Chrome outbound traffic

IP: 239.255.255.250
Port: 50105, 63440, 60918



#13 JustinCO

JustinCO

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 02 March 2017 - 09:50 AM

Yes, It started for me too this morining disabling the "media router" in chrome seems to fix the sending of packets. dunno why this started showing today. Must be something from MW update because chrome didn't upgraded for me also running x64 56.0.2924.87

 

MW premium 3.0.6.1458

component package version 1.0.49

update package version : 1.0.1403 

 

Media router is responsible of "casting" tabs from chrome to other devices (like chromecast). To disable it:

 

In Chrome, copy the following address into the URL bar:chrome://flags/#enable-media-router. Click Disable under “Enable Media Router.”

 

That makes a lot of sense, since the IP address MWB is flagging is the multicast address for https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol

 

So this is probably a Malwarebytes update that started all this flagging for us and it's largely harmless?


Edited by JustinCO, 02 March 2017 - 09:51 AM.


#14 Russd22

Russd22

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 02 March 2017 - 09:52 AM

Looks like MB are on it: https://forums.malwarebytes.com/topic/197099-ip-239255255250-popup/

 

This f/p should be fixed in the next update. Sorry for the inconvenience. 


Edited by Russd22, 02 March 2017 - 09:53 AM.


#15 MyGoToOffice

MyGoToOffice

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 02 March 2017 - 09:52 AM

It's a legitimate Windows service (https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol ). Except that the service has been used in DDoS attacks, I don't yet know why Malwarebytes has decided to start blocking.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users